4 matches found
thingvellir (>=0.0.0-alpha1 <=0.0.2-alpha2) potentially affected by CVE-2024-27284 via cassandra-cpp (=0.15.1)
cassandra-cpp CARGO version =0.15.1 is affected by a known vulnerability. The following packages have a transitive dependency on cassandra-cpp and may be impacted: - thingvellir =0.0.0-alpha1, =0.0.2-alpha2 Source cves: CVE-2024-27284 Source advisory: OSV:GHSA-X9XC-63HG-VCFQ...
CVE-2024-27284 cassandra-rs non-idiomatic use of iterators leads to use after free
cassandra-rs is a Cassandra CQL driver for Rust. Code that attempts to use an item e.g., a row returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0...
CVE-2024-27284
The CVE concerns the cassandra-rs Rust Cassandra (CQL) driver. A use-after-free exists when code uses an item from an iterator after advancing the iterator, potentially accessing freed memory. The issue is fixed in version 3.0.0; users with pre-3.0.0 versions should upgrade to 3.0.0 to mitigate. ...
thingvellir (>=0.0.0-alpha1 <=0.0.2-alpha2) potentially affected by CVE-2024-27284 via cassandra-cpp (=0.15.1)
cassandra-cpp CARGO version =0.15.1 is affected by a known vulnerability. The following packages have a transitive dependency on cassandra-cpp and may be impacted: - thingvellir =0.0.0-alpha1, =0.0.2-alpha2 Source cves: CVE-2024-27284 Source advisory: OSV:RUSTSEC-2024-0017...